waiting for background program to close [Solved]


  • This topic is locked

#1 gvnaz
Member | 66 posts
I'm working on a friend's computer. It doesn't 'feel' infected, but there are several random problems. The biggest problem is that whenever the computer is shut down (or restarted) it comes up with a screen about waiting for a background program to close, but it doesn't identify the program. Sometimes the screen just flashes up for a split second, and other times the computer does nothing until it is force-closed.

*Edit - Now I'm getting a popup from Avast that software health is critical because Java 6 is outdated. The only problem is that I have already uninstalled 6 and installed 7.

It didn't give me an Extras.txt log, but here is the OTL.Txt:

OTL logfile created on: 9/20/2013 7:11:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\the Hoff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 72.68% Memory free
15.49 Gb Paging File | 13.32 Gb Available in Paging File | 85.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 726.18 Gb Free Space | 38.98% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 3.72 Gb Total Space | 2.52 Gb Free Space | 67.85% Space Free | Partition Type: FAT32

Computer Name: THEHOFF-PC | User Name: the Hoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/19 10:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\the Hoff\Desktop\OTL.exe
PRC - [2013/09/16 20:21:30 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\[]TOOLS[]\Avast\AvastUI.exe
PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe
PRC - [2013/08/16 15:55:16 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
PRC - [2013/07/12 15:17:27 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/02/19 20:47:18 | 001,730,864 | ---- | M] (Actual Tools) -- C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/06/16 17:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/03/23 07:17:43 | 000,417,280 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/20 18:26:02 | 000,128,512 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\_elementtree.pyd
MOD - [2013/09/20 18:26:01 | 000,098,816 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32api.pyd
MOD - [2013/09/20 18:26:01 | 000,044,032 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\_socket.pyd
MOD - [2013/09/20 18:26:01 | 000,022,528 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32ts.pyd
MOD - [2013/09/20 18:26:00 | 000,557,056 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\pysqlite2._sqlite.pyd
MOD - [2013/09/20 18:26:00 | 000,320,512 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32com.shell.shell.pyd
MOD - [2013/09/20 18:26:00 | 000,026,624 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\_multiprocessing.pyd
MOD - [2013/09/20 18:25:59 | 000,805,888 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\wx._gdi_.pyd
MOD - [2013/09/20 18:25:59 | 000,070,656 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\wx._html2.pyd
MOD - [2013/09/20 18:25:59 | 000,011,264 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32crypt.pyd
MOD - [2013/09/20 18:25:58 | 000,504,832 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\windows._cacheinvalidation.pyd
MOD - [2013/09/20 18:25:57 | 000,087,040 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\_ctypes.pyd
MOD - [2013/09/20 18:25:57 | 000,017,408 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32profile.pyd
MOD - [2013/09/20 18:25:54 | 000,364,544 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\pythoncom27.dll
MOD - [2013/09/20 18:25:46 | 000,735,232 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\wx._misc_.pyd
MOD - [2013/09/20 18:25:45 | 000,110,080 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\PyWinTypes27.dll
MOD - [2013/09/20 18:25:43 | 001,175,040 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\wx._core_.pyd
MOD - [2013/09/20 18:25:43 | 000,108,544 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32security.pyd
MOD - [2013/09/20 18:25:42 | 001,153,024 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\_ssl.pyd
MOD - [2013/09/20 18:25:41 | 000,025,600 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32pdh.pyd
MOD - [2013/09/20 18:25:40 | 000,811,008 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\wx._windows_.pyd
MOD - [2013/09/20 18:25:40 | 000,711,680 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\_hashlib.pyd
MOD - [2013/09/20 18:25:40 | 000,035,840 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32process.pyd
MOD - [2013/09/20 18:25:39 | 000,122,368 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\wx._wizard.pyd
MOD - [2013/09/20 18:25:38 | 000,119,808 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32file.pyd
MOD - [2013/09/20 18:25:37 | 000,038,912 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32inet.pyd
MOD - [2013/09/20 18:25:33 | 001,062,400 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\wx._controls_.pyd
MOD - [2013/09/20 18:25:31 | 000,018,432 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\win32event.pyd
MOD - [2013/09/20 18:25:22 | 000,127,488 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\pyexpat.pyd
MOD - [2013/09/20 18:25:21 | 000,686,080 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\unicodedata.pyd
MOD - [2013/09/20 18:25:20 | 000,010,240 | ---- | M] () -- C:\Users\the Hoff\AppData\Local\Temp\_MEI32482\select.pyd
MOD - [2013/08/16 15:55:16 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\mozjs.dll
MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/23 07:17:43 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/26 23:55:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/09/19 10:46:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/16 15:55:16 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 00:37:22 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/01/27 00:37:22 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 23:13:34 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/15 05:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/01 10:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 09:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 03:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5807584B-75B6-465D-88B0-3C4AC684276C}
IE:64bit: - HKLM\..\SearchScopes\{5807584B-75B6-465D-88B0-3C4AC684276C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B01640CD-4AE7-4121-9097-F4E61054E570}
IE - HKLM\..\SearchScopes\{B01640CD-4AE7-4121-9097-F4E61054E570}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {B01640CD-4AE7-4121-9097-F4E61054E570}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B01640CD-4AE7-4121-9097-F4E61054E570}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.search.autosizerwizard: ""
FF - prefs.js..browser.search.minwidth: 156
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledAddons: CLEO%40guid.customsoftwareconsult.com:5.0.1
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B1ced4832-f06e-413f-aa14-9eb63ad40ace%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1.3
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bdc0fa13c-3dae-73eb-e852-912722c852f9%7D:0.3.1
FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: rehostimage%40engy.us:1.5.10
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.3.0.1
FF - prefs.js..extensions.enabledAddons: %7B8620c15f-30dc-4dba-a131-7c5d20cf4a29%7D:3.6
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: fastdial%40telega.phpnet.us:4.11
FF - prefs.js..extensions.enabledAddons: undoclosedtabsbutton%40supernova00.biz:3.8.4.3
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {dc0fa13c-3dae-73eb-e852-912722c852f9}:0.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:4.0.2011021601
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {655397ca-4766-496b-b7a8-3a5b176ee4c2}:1.5.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.05
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.4
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.5
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3.21
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.6.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {bf70ba50-e70d-11dd-ba2f-0800200c9a66}:1.0.9
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {526fd696-27a0-11dc-8314-0800200c9a66}:3.5.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\[]TOOLS[]\PDF-XChange\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\[]TOOLS[]\PDF-XChange\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\[]TOOLS[]\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\[]TOOLS[]\PDF-XChange\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\[]TOOLS[]\PDF-XChange\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\[]TOOLS[]\Avast\WebRep\FF [2013/09/07 11:06:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\components [2013/09/10 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins [2013/09/19 18:08:09 | 000,000,000 | ---D | M]

[2011/03/03 13:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Extensions
[2013/09/20 19:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions
[2013/09/19 10:46:02 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/03/03 14:56:35 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011/03/03 14:56:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/04/15 21:30:49 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/06/23 15:11:18 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/03 14:55:57 | 000,000,000 | ---D | M] (Aquatint Slate) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2011/03/03 14:55:51 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2013/08/10 21:46:56 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011/03/09 19:57:02 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2013/08/31 14:18:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/03 14:55:52 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
[2011/03/03 14:55:51 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/03/22 19:54:12 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2011/08/05 14:37:25 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/09/17 15:58:07 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2012/03/31 20:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2011/03/03 14:56:35 | 000,000,000 | ---D | M] (Sxipper) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2011/03/03 14:56:35 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2011/03/03 14:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2011/03/03 14:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2011/03/03 14:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2011/03/03 14:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/03/03 14:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2012/09/25 20:20:40 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/09/20 19:01:07 | 000,000,947 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2012/03/31 07:50:28 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/06/18 09:44:08 | 000,053,161 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/09/19 10:45:50 | 000,015,751 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2012/10/10 15:12:00 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/09/19 10:58:56 | 000,166,574 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/09/17 15:58:06 | 000,035,814 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]
[2013/08/15 15:48:02 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013/06/04 19:01:21 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/08/30 15:42:50 | 002,146,697 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2012/06/07 13:04:10 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi
[2013/04/13 15:40:48 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2011/09/17 21:49:22 | 000,242,715 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/06/04 19:01:21 | 000,043,024 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2013/04/11 16:10:00 | 000,232,420 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
[2013/07/30 15:59:41 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/06 13:42:39 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/10/17 21:00:59 | 000,003,147 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}.xpi
[2013/04/05 15:46:57 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/08/10 21:46:52 | 000,275,449 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/06/22 23:45:06 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2008/03/20 16:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallConfirm.css
[2008/04/07 20:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallItemGeneric.png
[2009/06/17 00:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2009/06/17 00:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2010/04/01 10:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2010/04/01 09:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2013/09/19 12:42:30 | 000,001,913 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\mycroft-project.xml
[2013/09/19 12:42:26 | 000,002,383 | ---- | M] () -- C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\youtube.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\[]TOOLS[]\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\[]TOOLS[]\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Actual Multiple Monitors] C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe (Actual Tools)
O4 - HKCU..\Run: [CursorFX] C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B045C6-0DBA-4926-8B56-159FF565315A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 18:33:27 | 000,000,000 | ---D | C] -- C:\Users\the Hoff\Desktop\Actual Multiple Monitors v8.0
[2013/09/19 18:21:43 | 000,000,000 | ---D | C] -- C:\Users\the Hoff\AppData\Local\http___www.julien-manici
[2013/09/19 18:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows 7 Logon Background Changer
[2013/09/19 18:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/19 18:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/09/19 18:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/19 18:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/09/19 11:52:12 | 000,000,000 | ---D | C] -- C:\Users\the Hoff\Documents\The KMPlayer
[2013/09/19 10:57:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\the Hoff\Desktop\OTL.exe
[2013/09/10 19:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/10 19:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/10 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/10 19:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/10 19:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[11 C:\Users\the Hoff\Documents\*.tmp files -> C:\Users\the Hoff\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/20 18:46:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 18:33:19 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 18:33:19 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 18:24:43 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/20 18:24:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/20 18:24:22 | 1944,719,359 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 23:22:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/19 18:18:01 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/19 18:18:01 | 000,627,066 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/19 18:18:01 | 000,107,382 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/19 10:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\the Hoff\Desktop\OTL.exe
[2013/09/19 10:39:10 | 000,001,008 | ---- | M] () -- C:\Users\the Hoff\Desktop\Handbrake.lnk
[2013/09/11 03:40:38 | 000,420,416 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/10 19:08:51 | 000,001,048 | ---- | M] () -- C:\Users\the Hoff\Desktop\Dropbox.lnk
[2013/09/10 18:54:37 | 000,001,704 | ---- | M] () -- C:\Users\the Hoff\Desktop\Google Drive.lnk
[2013/09/07 11:06:45 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/30 00:48:10 | 000,204,880 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/08/30 00:48:10 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/08/30 00:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/08/30 00:47:14 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[11 C:\Users\the Hoff\Documents\*.tmp files -> C:\Users\the Hoff\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/10 19:08:51 | 000,001,048 | ---- | C] () -- C:\Users\the Hoff\Desktop\Dropbox.lnk
[2013/09/10 18:54:37 | 000,001,704 | ---- | C] () -- C:\Users\the Hoff\Desktop\Google Drive.lnk
[2011/08/12 21:20:48 | 000,007,680 | ---- | C] () -- C:\Users\the Hoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 13:19:07 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/22 16:03:21 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Actual Tools
[2012/12/21 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Amazon
[2011/03/04 08:20:11 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Auslogics
[2011/04/30 11:25:39 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Canon
[2012/04/21 11:07:33 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/20 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/19 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\com.wwnorton.WTS3-iLGs
[2013/04/22 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\dBpoweramp
[2013/09/20 18:26:18 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Dropbox
[2013/03/17 19:00:15 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\HandBrake
[2013/01/29 14:15:58 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\IrfanView
[2011/03/06 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\MoveFab
[2011/03/03 17:49:49 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Outertech
[2013/09/19 10:38:00 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\Spotify
[2013/09/19 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\the Hoff\AppData\Roaming\TeraCopy

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05D195EC

< End of report >

Edited by gvnaz, 23 September 2013 - 05:56 PM.

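An added example, not part of this thread and not OTL's own code: a small Python triage script that reads a few of the O4/O6/O7/O32/O33 line types from an OTL report like the one above and flags what a reviewer looks for in them (the UAC policy values, the NoDriveTypeAutoRun bitmask, remembered MountPoints2 AutoRun commands, Run entries with no company name). The sample lines are copied from the log posted above; the severity labels, bit names and "default" notes are my own annotations.

```python
"""Triage a few OTL report line types (O4, O6/O7, O32, O33) for UAC and AutoRun posture."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\[]TOOLS[]\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [CursorFX] C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
"""

# Line shapes as OTL prints them (64-bit variants such as "O2:64bit:" are not handled here).
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^()]*)\)$')
POLICY_RE = re.compile(r'^O[67] - (?P<key>HK\w+\\[^:]+): (?P<name>\w+) = (?P<value>\d+)$')
CDROM_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')

# Bits of the NoDriveTypeAutoRun mask, lowest bit first; a set bit disables AutoRun for that drive type.
DRIVE_BITS = [(0x01, "unknown"), (0x02, "no_root_dir"), (0x04, "removable"), (0x08, "fixed"),
              (0x10, "network"), (0x20, "cdrom"), (0x40, "ramdisk"), (0x80, "unspecified")]


@dataclass
class Finding:
    severity: str   # "high", "medium", "low", "review" or "info" (my own scale)
    item: str
    detail: str


def decode_no_drive_type_autorun(value: int) -> list:
    """Return the names of the drive types for which this mask disables AutoRun."""
    return [name for bit, name in DRIVE_BITS if value & bit]


def judge_policy(name: str, value: int) -> list:
    """Turn one O6/O7 policy value into findings; defaults quoted are the Windows 7 defaults."""
    if name == "EnableLUA":
        if value == 0:
            return [Finding("high", name, "UAC disabled: administrator processes run fully elevated (default 1)")]
        return [Finding("info", name, "UAC enabled")]
    if name == "ConsentPromptBehaviorAdmin" and value == 0:
        return [Finding("medium", name, "administrators elevate with no prompt at all (default 5)")]
    if name == "PromptOnSecureDesktop" and value == 0:
        return [Finding("low", name, "UAC prompts would not use the secure desktop (default 1)")]
    if name == "NoDriveTypeAutoRun":
        disabled = ", ".join(decode_no_drive_type_autorun(value))
        note = "Windows 7 default" if value == 0x91 else "non-default mask"
        return [Finding("info", name, f"{value} (0x{value:02X}) disables AutoRun for: {disabled} ({note})")]
    return []


def analyze(log_text: str) -> list:
    """Walk the report line by line and collect findings for the line types handled above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            company = m["company"].strip()
            # A Run entry with an empty "()" company field is worth a second look, not a verdict.
            sev = "info" if company else "review"
            findings.append(Finding(sev, f"Run:{m['name']}", f"{m['path']} [{company or 'no company name'}]"))
        elif m := POLICY_RE.match(line):
            findings.extend(judge_policy(m["name"], int(m["value"])))
        elif m := CDROM_RE.match(line):
            state = "enabled" if m["value"] != "0" else "disabled"
            findings.append(Finding("info", "CDRom AutoRun", f"CD/DVD AutoRun {state}"))
        elif m := MOUNT_RE.match(line):
            # MountPoints2 keeps the AutoRun command of a drive that was once plugged in.
            findings.append(Finding("info", f"MountPoints2 {m['guid']}", f"remembered AutoRun command: {m['cmd']}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
```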
#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with the problem. Please take note of the below:

  • I will start working on the Malware issues, this may or may not, solve other issues you have with this machine.
  • The fixes are specific to this/these problem(s) and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you the machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • The security programs in use may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the program and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Access Control (UAC); when prompted by this for anything I ask you to carry out, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage the computer. However, it is impossible for me to foresee all interactions that may happen between the software on the computer and those we'll use to clear infections, and I cannot guarantee the safety of the system. It is possible that we might encounter situations where the only recourse is to re-format and re-install the operating system, or to necessitate you taking the computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

*edit - now i'm getting a popup from Avast that software health is critical because Java 6 is outdated. only problem is that i have already uninstalled 6 and installed 7.

Acknowledged. As for the other issues mentioned, feasibly they may be due to any of the following software:

Actual Tools, CursorFX or TeraCopy

For example, apart from being malware related. Though I will need to review the Extras log that should have been created by Run 1 of OTL. This may still be on the desktop and if so please post the contents of that in your next reply.

Plus carry out the below for myself also as follows...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to the desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-

  • Click on Backup Now >> once the process is complete similar to the below will be displayed in the GUI:-

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

#3
gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Thanks for helping. I have backed up the registry and here is the Extras log. The computer is using GetDiz, which is a Notepad replacement. For some reason it doesn't display the log files correctly, so I thought the Extras was empty and deleted it. I got it out of the Recycle Bin and opened it with Notepad and it works like normal.

OTL Extras logfile created on: 9/19/2013 6:24:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\the Hoff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 78.10% Memory free
15.49 Gb Paging File | 13.78 Gb Available in Paging File | 88.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 724.71 Gb Free Space | 38.90% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 3.72 Gb Total Space | 2.52 Gb Free Space | 67.85% Space Free | Partition Type: FAT32

Computer Name: THEHOFF-PC | User Name: the Hoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.ini[@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.ini [@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
.txt [@ = GetDiz.Document] -- C:\Program Files (x86)\[]TOOLS[]\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\[]TOOLS[]\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\[]TOOLS[]\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BD79B4-BC84-4BC1-93D9-0EC222A5F1F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B3773B5-28E8-4132-B0B9-FF971CB31A16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F000F06-C960-430F-9281-618D738392C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C566628-AE9F-4475-9482-BA4C5CB53788}" = rport=139 | protocol=6 | dir=out | app=system |
"{239785D6-01BD-4ED4-9B9E-E951F3FDCB20}" = rport=137 | protocol=17 | dir=out | app=system |
"{2F478FDC-1896-4890-85E2-EE9929327870}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C62DA1F-9C19-4DE4-83FF-B1EFA1AB2144}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3F0A0643-A906-48E3-BD1A-D4193D8F8663}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{436D9B3C-18CA-4F9E-9246-FE67DCB83229}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E3B6C9C-E733-4368-9A7C-60233A4B0A7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{52C3C030-CE09-4178-983F-2CC8861D28CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5806DE5B-41C4-4CC4-B7D6-07CF76D38D70}" = rport=10243 | protocol=6 | dir=out | app=system |
"{594ABC60-F083-4AC9-9C02-0BC1E8B0909B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B520080-B0A0-4679-A25A-B969136F099D}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D5C6A53-CED1-4025-B3FE-D3844BDDF2D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5F9A7FF3-FCC9-4B06-80C9-F14EDB3DB8F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{60DBEC70-083C-4A30-9710-E8F67F15D775}" = rport=445 | protocol=6 | dir=out | app=system |
"{66C617C0-41ED-40BC-8BAD-17C5904CB309}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{673FF72A-1963-4D34-BAA9-A4D44BC1FF08}" = lport=138 | protocol=17 | dir=in | app=system |
"{735B633E-22EC-49FA-82CE-CCFC1D21F4DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A78D192-3E81-423D-8F37-ED5C6302448A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9045207B-64A6-48EF-BAD7-F3F9A5038ADE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9566CEA8-68F0-4D1C-8F15-7888A56E6E69}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C827E26B-DAAD-4A08-9AFD-8F98FFCB66C9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E26FE757-CB5A-45E8-A389-A1CC357CC2C3}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB4D5C09-8598-4FB1-9108-414F68F0E432}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B0104A-1936-4B1B-BCA2-C5C963B7E75D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0952C60D-23EC-4B29-932E-286F74B90361}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AC65FAD-530D-4C53-AE20-0DD9BDC1A1C0}" = protocol=17 | dir=in | app=c:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe |
"{10033EA9-2C11-4C8C-92E0-405982244D86}" = protocol=6 | dir=in | app=c:\users\the hoff\appdata\roaming\spotify\spotify.exe |
"{17C0FBC7-DAF3-4590-A463-F65A3F750FDF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{184E2AEC-DB3C-4F1B-83B5-10B61A509AA4}" = protocol=17 | dir=in | app=c:\users\the hoff\appdata\roaming\spotify\spotify.exe |
"{1CE36431-E260-474E-A173-0B514B2D80FD}" = protocol=58 | dir=out | [email protected],-28546 |
"{1D01A1F0-07D8-430F-A993-0D207C7592BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E53FC7A-D8F1-405C-8492-226F32E19196}" = protocol=17 | dir=in | app=c:\users\the hoff\appdata\roaming\spotify\spotify.exe |
"{2A538B11-C880-4FBF-8BF4-74A85F833B67}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B8B25C9-70B4-455C-8B77-F37C8D6A70E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{317158E7-91C4-41D3-8886-0841BDC4318C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45534279-06ED-407C-B1A6-80945B9785F4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45F5CEF5-9E2D-437A-BBF2-2CD36261AF74}" = protocol=6 | dir=out | app=system |
"{46CCE234-23D9-4B69-9100-ABDBEEAB50DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48707FA5-A2EB-4363-BABF-33BB81B7044D}" = protocol=6 | dir=in | app=c:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe |
"{4AAE4FF4-D17B-4BFA-BFDC-C83E9DE90719}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4AD60330-A782-4ACE-BFB1-2EEE4DD25C3E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4B58A03E-5A1F-46BF-8806-F6AE652C64B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4E83866F-895D-4C8A-B44F-38738754B739}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{58B1940E-9C8D-4A89-90C3-393464F56CEA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{619062EA-4AA2-4BE1-B9B8-34F06EF2A21F}" = protocol=6 | dir=in | app=c:\users\the hoff\appdata\roaming\spotify\spotify.exe |
"{6EEFE466-ADA6-4C7C-96D8-C64AA68BF8D2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{725D6267-A89B-45D3-B8F8-53EF9EA55FCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76F81237-A21B-4EAC-98A9-4C76F2E97273}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B17FA24-201E-41B8-848E-1E7FE4A5AB6F}" = dir=in | app=c:\program files (x86)\[]tools[]\itunes\itunes.exe |
"{A3CF333B-224C-4A24-96AD-BA1FBF3C8BAF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE24A142-EF6C-45D2-98FF-AC25EF4E2B0D}" = protocol=1 | dir=out | [email protected],-28544 |
"{BDA8D241-DF36-43DD-825E-4ECFD25E215E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5839026-7864-488B-A136-460FC052927F}" = protocol=1 | dir=in | [email protected],-28543 |
"{E0B21B2B-968C-457E-8C3B-78FC96D75240}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E5131E36-2F81-4706-AEA2-3BD3FBB76AD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA2E21B7-DCA3-46B3-98A2-157FAB797370}" = protocol=58 | dir=in | [email protected],-28545 |
"{F903FD96-AA05-486F-AD20-54CBA5465B4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{13683597-0804-4CE1-B87B-32EDB1A49E1F}C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7EA76B1A-5C6A-42BE-9CF2-4AD3A866EC7B}C:\program files (x86)\[]tools[]\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\[]tools[]\vlc\vlc.exe |
"TCP Query User{8136E175-7306-41D4-A065-5D2BDB92AB9B}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe |
"UDP Query User{7A6E7211-938C-4BEB-B824-5D3D18D83815}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe |
"UDP Query User{B9A4F351-3DF5-425D-86B7-1CF76FE94F02}C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D176F4CA-B555-4097-B569-E7BB8C170484}C:\program files (x86)\[]tools[]\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\[]tools[]\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{897BE4A7-682B-7375-BBAF-05A44FC2B524}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}" = PDF-XChange Viewer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeraCopy_is1" = TeraCopy 2.12

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-997AF4905D9C}" = FLV.com FLV Converter 4.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2E6044C5-3495-485F-91BC-46D1B6430E51}" = Windows 7 Logon Background Changer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51399947-35EF-10B8-FC7F-0D435C701A2D}" = Catalyst Control Center InstallProxy
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{845DE456-3003-28B9-4022-1552B8974F16}" = WTS3_iLGs
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"7-Zip" = 7-Zip 9.20
"Actual Multiple Monitors_is1" = Actual Multiple Monitors 5.0.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Aleks 3.14" = Aleks 3.14
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.wwnorton.WTS3-iLGs" = WTS3_iLGs
"CursorFX" = CursorFX
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder
"dBpoweramp CLI Encoder" = dBpoweramp CLI Encoder
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp m4a Utilities" = dBpoweramp m4a Utilities
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Mp2 and BwfMp2 codec" = dBpoweramp Mp2 and BwfMp2 codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
"dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"GetDiz 4.5" = GetDiz 4.5
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"JumpStart Languages" = JumpStart Languages
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Revo Uninstaller" = Revo Uninstaller 1.91
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2013 9:43:39 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2013 9:43:40 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2013 9:43:41 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2013 9:43:42 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2013 9:43:43 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/9/2013 9:43:44 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 600 seconds, 2 replies waiting

Error - 9/9/2013 9:43:44 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = 476: Client unresponsive; aborting connection

Error - 9/9/2013 9:43:44 PM | Computer Name = theHoff-PC | Source = Bonjour Service | ID = 100
Description = 476: DNSServiceResolve f0:d1:a9:32:27:7f@fe80::f2d1:a9ff:fe32:277f._apple-mobdev._tcp.local.

Error - 9/10/2013 8:51:48 PM | Computer Name = theHoff-PC | Source = ESENT | ID = 489
Description = taskhost (3584) An attempt to open the file "C:\Users\the Hoff\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/10/2013 9:25:42 PM | Computer Name = theHoff-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 9/16/2013 7:20:22 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 9/16/2013 7:22:30 PM | Computer Name = theHoff-PC | Source = DCOM | ID = 10010
Description =

Error - 9/19/2013 1:34:35 PM | Computer Name = theHoff-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:32:41 PM on 9/17/2013 was unexpected.

Error - 9/19/2013 1:35:40 PM | Computer Name = theHoff-PC | Source = DCOM | ID = 10005
Description =

Error - 9/19/2013 1:35:33 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the BITS service.

Error - 9/19/2013 1:35:40 PM | Computer Name = theHoff-PC | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%1053

Error - 9/19/2013 9:17:15 PM | Computer Name = theHoff-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.

Error - 9/19/2013 9:17:16 PM | Computer Name = theHoff-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.

Error - 9/19/2013 9:17:16 PM | Computer Name = theHoff-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.

Error - 9/19/2013 9:17:17 PM | Computer Name = theHoff-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR6.


< End of report >

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thanks for helping. I have backed up the registry and here is the Extras log. The computer is using GetDiz, which is a Notepad replacement. For some reason it doesn't display the log files correctly, so I thought the Extras was empty and deleted it. I got it out of the Recycle Bin and opened it with Notepad and it works like normal.

Acknowledged and you're welcome!

Now, with regard to GetDiz, I can see it has altered some specific File Associations, so if you encounter any further problems with posting any logs I request that you merely temporarily uninstall it for the duration of the malware removal process.

As for the other issues, there are a few likely suspects denoted in the Event Logs. However, for now I will ensure malware is not the culprit first (and also disable some unnecessary system start-ups); then we can try to address the aforementioned. That said, there may be an underlying problem with the Bonjour service, and this can cause some of the issues you mentioned, so for the time being we will stop and disable it as follows...

Please download the attached Bonjour.Bat (below) to the desktop.

[attachment=66696:Bonjour.bat]

Now right-click on Bonjour.Bat and select Run as Administrator to run the batch file.

A Command Window will open briefly then close and the batch file itself will self-delete when it has finished processing the script.

Java Advice:

There has been a recent severe exploitation of this software (still on-going); further information can be read here. The aforementioned article will also explain how to disable the plugins, though my friendly advice would be to uninstall it if your friend does not use anything Java related. This is the presently installed Java version:-

Java 7 Update 40

Myself, I do not even have anything Java related installed on any of my machines, nor do I intend to again in the foreseeable future.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
FF - prefs.js..browser.search.autosizerwizard: ""
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledAddons: CLEO%40guid.customsoftwareconsult.com:5.0.1
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O33 - MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\Shell - "" = AutoRun
O33 - MountPoints2\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[2011/03/04 13:19:07 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05D195EC

:Files
C:\Program Files (x86)\Java\jre6
C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"=-
"GoogleDriveSync"=-
"Actual Multiple Monitors"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=-

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot the computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right-click the executable for MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy and Paste this report in your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • AdwCleaner Log.

  • 0

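The attached Bonjour.bat is not reproduced on the page. The following is an added PowerShell example, not the attachment's contents, that does what the post describes (stop the Bonjour service and set it to Disabled) and verifies the result afterwards; it assumes the service name "Bonjour Service" (Apple's mDNSResponder) and an elevated prompt.

```powershell
# Added example: stop and disable the Bonjour service, as the post describes.
# Not the contents of the attached Bonjour.bat. Assumes the service name
# "Bonjour Service" (Apple's mDNSResponder.exe); run from an elevated prompt.
#Requires -RunAsAdministrator

$serviceName = 'Bonjour Service'

function Disable-BonjourService {
    param([string]$Name = $serviceName)

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "Service '$Name' is not installed; nothing to do."
        return $null
    }

    # Record the state before touching it, so the change can be reverted later
    # (Set-Service -StartupType Automatic; Start-Service) if Bonjour is wanted.
    $modeBefore = (Get-CimInstance Win32_Service -Filter "Name='$Name'").StartMode
    Write-Output "Before: $($svc.Status), start mode $modeBefore"

    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $Name -Force -ErrorAction Stop
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
    }
    Set-Service -Name $Name -StartupType Disabled

    # Verify by re-querying rather than trusting the absence of cmdlet errors.
    $after     = Get-Service -Name $Name
    $modeAfter = (Get-CimInstance Win32_Service -Filter "Name='$Name'").StartMode
    Write-Output "After:  $($after.Status), start mode $modeAfter"
    return ($after.Status -eq 'Stopped' -and $modeAfter -eq 'Disabled')
}

Disable-BonjourService
```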
#5 gvnaz (Member, Topic Starter, 66 posts)
bonjour.bat done.
i have no idea if they use anything that needs Java. maybe it should be removed and if they run into any problems using programs that they normally use then it can be reinstalled.
custom OTL script run, log included.
MBAM run, no malicious items, log included.
i will edit in the AdwCleaner log when done.

OTL log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "" removed from browser.search.autosizerwizard
Prefs.js: "chrome://fastdial/content/fastdial.html" removed from browser.startup.homepage
Prefs.js: CLEO%40guid.customsoftwareconsult.com:5.0.1 removed from extensions.enabledAddons
Prefs.js: gmailnoads%40mywebber.com:3.9.1 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. removed from extensions.enabledItems
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f}\ not found.
File H:\VZW_Software_upgrade_assistant.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f}\ not found.
File H:\VZW_Software_upgrade_assistant.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e94413d7-473e-11e0-a67b-bcaec54f1b9f}\ not found.
File H:\LaunchU3.exe -a not found.
C:\ProgramData\.zreglib moved successfully.
ADS C:\ProgramData\TEMP:05D195EC deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Java\jre6 not found.
C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4c2:aaf6:2eeb:77ee%10
Default Gateway . . . . . . . . . :
Tunnel adapter isatap.{B0B045C6-0DBA-4926-8B56-159FF565315A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1cc4:e74:bc12:ad8
Link-local IPv6 Address . . . . . : fe80::1cc4:e74:bc12:ad8%15
Default Gateway . . . . . . . . . : ::
C:\Users\the Hoff\Desktop\cmd.bat deleted successfully.
C:\Users\the Hoff\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4c2:aaf6:2eeb:77ee%10
IPv4 Address. . . . . . . . . . . : 192.168.1.121
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter isatap.{B0B045C6-0DBA-4926-8B56-159FF565315A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:ca2:210f:3f57:fe86
Link-local IPv6 Address . . . . . : fe80::ca2:210f:3f57:fe86%15
Default Gateway . . . . . . . . . : ::
C:\Users\the Hoff\Desktop\cmd.bat deleted successfully.
C:\Users\the Hoff\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\the Hoff\Desktop\cmd.bat deleted successfully.
C:\Users\the Hoff\Desktop\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\the Hoff\Desktop\cmd.bat deleted successfully.
C:\Users\the Hoff\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\the Hoff\Desktop\cmd.bat deleted successfully.
C:\Users\the Hoff\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\the Hoff\Desktop\cmd.bat deleted successfully.
C:\Users\the Hoff\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\the Hoff\Desktop\cmd.bat deleted successfully.
C:\Users\the Hoff\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CursorFX deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Actual Multiple Monitors not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: the Hoff
->Temp folder emptied: 156106816 bytes
->Temporary Internet Files folder emptied: 2203685 bytes
->Java cache emptied: 89155 bytes
->FireFox cache emptied: 108719568 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 58942 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 313040 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42361501 bytes
RecycleBin emptied: 46415040 bytes

Total Files Cleaned = 340.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09252013_132506

Files\Folders moved on Reboot...
C:\Users\the Hoff\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\the Hoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


MBAM log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
the Hoff :: THEHOFF-PC [administrator]

9/25/2013 1:37:23 PM
mbam-log-2013-09-25 (13-37-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195855
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


AdwCleaner log
  • 0

#6 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)

bonjour.bat done.
i have no idea if they use anything that needs Java. maybe it should be removed and if they run into any problems using programs that they normally use then it can be reinstalled.
custom OTL script run, log included.
MBAM run, no malicious items, log included.

Acknowledged...

i will edit in the AdwCleaner log when done.

No need, merely posting the log as a new reply will suffice. :)
  • 0

#7 gvnaz (Member, Topic Starter, 66 posts)
thanks again! ;)

# AdwCleaner v3.005 - Report created 25/09/2013 at 13:55:39
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : the Hoff - THEHOFF-PC
# Running from : C:\Users\the Hoff\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1287 octets] - [25/09/2013 13:54:07]
AdwCleaner[S0].txt - [1216 octets] - [25/09/2013 13:55:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1276 octets] ##########
  • 0

#8 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Hi. :)

How is the machine performing now, the same issues or not ?

Next:

With regard to Java, you might as well uninstall that then and, as you mentioned, if really required your friend can reinstall via:-

Java Downloads for All Operating Systems

Scroll down to:-

Which should I choose?

Follow the advice per We have detected you may be viewing this page etc etc

Then after the new installation follow the advice for disabling the browser add-ons/plug-ins.

Check Hard Disk For Errors:

Please download the attached CHE.Bat(below) to the desktop.

[attachment=66704:CHE.Bat]

Now right-click on CHE.Bat and select Run as Administrator to run the batch file.

A Command Window will open briefly (for a few minutes max, so please be patient) then close, and the batch file itself will self-delete when it has finished processing the script.

Then a notepad file named checkhd.txt should appear on the desktop. Please post the contents of the aforementioned in your next reply.
  • 0

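The attached CHE.Bat is not shown on the page either. As an added PowerShell example (not that file's contents), here is a read-only disk check that writes checkhd.txt to the desktop as the post describes, and also records chkdsk's exit code so the reader can tell "no problems" from "could not check" without reading the whole report; it assumes an elevated prompt and the system drive.

```powershell
# Added example: read-only disk check written to checkhd.txt on the desktop,
# as the post describes for the attached CHE.Bat (this is not that file).
# Run from an elevated prompt.
#Requires -RunAsAdministrator

function Invoke-ReadOnlyDiskCheck {
    param(
        [string]$Drive  = $env:SystemDrive,                               # e.g. C:
        [string]$Report = (Join-Path $env:USERPROFILE 'Desktop\checkhd.txt')
    )

    # No /F: chkdsk only verifies, so the volume is not locked and nothing is
    # changed. This is the "Running CHKDSK in read-only mode" case seen in the log.
    $output = & chkdsk.exe $Drive 2>&1
    $code   = $LASTEXITCODE

    # Exit code meanings per Microsoft's chkdsk documentation.
    $meaning = switch ($code) {
        0       { 'No errors were found.' }
        1       { 'Errors were found and fixed.' }
        2       { 'Disk cleanup performed, or not performed because /F was not specified.' }
        3       { 'Could not check the disk, or errors were found but not fixed.' }
        default { "Unexpected exit code $code." }
    }

    # Header line first, then the verbatim chkdsk output, so the report opens
    # cleanly in Notepad and the verdict is on line one.
    @("chkdsk $Drive (read-only) - exit code $code : $meaning", '') + $output |
        Set-Content -Path $Report

    [PSCustomObject]@{
        Drive    = $Drive
        ExitCode = $code
        Meaning  = $meaning
        Report   = $Report
        Clean    = ($code -eq 0)
    }
}

Invoke-ReadOnlyDiskCheck
```

A non-zero exit code in read-only mode is the cue to rerun with /F at the next reboot; the forum post's log shows the exit-code-0 case ("found no problems").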
#9 gvnaz (Member, Topic Starter, 66 posts)
computer feels fine and the 'waiting for background program' issue seems to be gone. i removed Java 7 but Avast still insists that Software Health is Critical because of Java 6 which is no longer on the computer.

The type of the file system is NTFS.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
4113 large file records processed.
0 bad file records processed.
0 EA records processed.
44 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
41737 data files processed.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

1953410135 KB total disk space.
1194003740 KB in 365011 files.
198664 KB in 41738 indexes.
0 KB in bad sectors.
595599 KB in use by the system.
65536 KB occupied by the log file.
758612132 KB available on disk.

4096 bytes in each allocation unit.
488352533 total allocation units on disk.
189653033 allocation units available on disk.
  • 0

#10 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Hi. :)

i removed Java 7 but Avast still insists that Software Health is Critical because of Java 6 which is no longer on the computer.

Sometimes the uninstaller for Java is not very thorough, so let's proceed as follows, shall we...

Scan with JavaRa

Please download JavaRa.zip to the desktop, then extract the zip file to the desktop etc.

  • There should now be a folder on the desktop named JavaRa-2.3, double click on this to open it
  • Now right-click on JavaRa.exe and select Run as Administrator >> Remove Java Runtime >> follow the prompts
  • If No installer found. Please press 'next' to continue appears in the GUI (graphical user interface) >> click on Next
  • Then click on Perform Removal Routine >> OK >> Next >> Next >> Finish >> close JavaRa
  • Reboot the computer
Note: There will now be a notepad file called JavaRa-D-DD-YYYY within JavaRa-2.3 folder itself. I have no need to review this for the time being unless I state otherwise.

Next:

Once the machine has rebooted, double click on the Avast System Tray Icon >> once the GUI (graphical user interface) has appeared click on Software Updater

If anything Java related is denoted, click on the More details drop down menu next to it and make a note of the exact version please and in turn post the information in your next reply.

Next:

computer feels fine and the 'waiting for background program' issue seems to be gone

Good, and after a final check for malware (below) we shall see about rectifying that geminately.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable the currently installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable the Anti-Virus application after running the above scan!
  • 0

#11 gvnaz (Member, Topic Starter, 66 posts)
Avast doesn't report any more problems with Java. that program worked nicely.
ESET reported nothing found but i accidentally went through it without grabbing the log file. i will rerun it and post the log later tonight.
  • 0

#12 CompCav (Member 5k, Expert, 12,448 posts)
I will be standing in for Dakeyras for a few days.


I look forward to seeing your eset log and I am pleased things are running better!

Regards,

CompCav
  • 0

#13 gvnaz (Member, Topic Starter, 66 posts)
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f7b5a4b53faead49a2bd125b2259399f
# engine=15287
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-28 04:12:16
# local_time=2013-09-27 09:12:16 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 131884986 0 0
# scanned=399289
# found=0
# cleaned=0
# scan_time=6529
  • 0

#14 CompCav (Member 5k, Expert, 12,448 posts)
Very good now just to recap, what issues do you still have?

Regards,

CompCav
  • 0

#15 gvnaz (Member, Topic Starter, 66 posts)
no issues, seems to be running nicely.
  • 0